CT log servers for SCT

prok_in · November 9, 2017, 5:50am

To how many CT Log servers, Lets Encrypt CA server send certificate for SCT/certificate entries in the log ?

I checked some certificates for LE and found that for a certificate entries are in 3 servers, and another has entries in 4 and other one in 5 servers.
Exp -
https://crt.sh/?id=218850046
https://crt.sh/?id=249746719
https://crt.sh/?id=233465075

All above certificates have different entries in Certificate Transparency header.

Should not the no. of servers remain same as SCT is a time bound process which includes 24 hours as MMD ?

cpu · November 9, 2017, 1:47pm

Hi @prok_in,

Great question!

It's not completely static. New logs appear, old logs get disqualified, sometimes log operators ask us to stop submitting for a little while and then we may resume again.

I believe presently we submit to Icarus, Venafi's gen2 log, Sabre, Mammoth, and one of Cloudflare's new logs. The staging environment only submits to test-tube.

The three certificates you shared were issued in three different points in time and the # of logs we were submitting to can change as I explained above. It isn't a constant.

Hope that helps explain!

system · December 9, 2017, 1:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Different Timestamps from different Log servers Issuance Tech	2	619	May 18, 2020
Duplicates in CT logs. Precertificate vs. Leaf certificate Issuance Tech	7	6723	September 14, 2018
Upcoming Support for Google Chrome Feature Requests	2	5452	March 29, 2018
How are CT and crt.sh handling precertificates now? Issuance Tech	3	2194	July 3, 2018
CT log acceptance by CAs Issuance Tech	8	89	March 6, 2025

CT log servers for SCT

Related topics